CVE-2024-3727

High

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry…

redhat·CWE-354·Published 2024-05-09

CVSS

8.3

EPSS

0.01

KEV

Exploits

Vendor statements (25)

cve.orgen

239 chars

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

OSV.deven

164 chars

An attacker may trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

GHSAen

239 chars

NVDes

263 chars

Se encontró una falla en la librería github.com/containers/image. Esta falla permite a los atacantes activar accesos inesperados al registro autenticado en nombre de un usuario víctima, lo que provoca agotamiento de recursos, path traversal local y otros ataques.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.3	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
3.1	Primary	cve.org	8.3	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
3.1	Secondary	NVD	8.3	1.6	6.0	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
3.1	Secondary	GHSA	8.3	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H